[ietf-dkim] the danger of ADSP, was list vs contributor
John R. Levine
johnl at iecc.com
Wed Jun 2 14:11:24 PDT 2010
> You'd call it malice to prioritize consumer protection over the a very
> small population of employees being temporarily inconvenienced by having
> some of their messages to mail lists delivered to SPAM and in some
> corner cases, actually unsubscribed from lists...
You're welcome to take whatever risks you want with your own mail.
That's not the issue. I was thinking of the perverse case where another
organization sent discardable mail to a different list, and unrelated
people rejected it and got bounced off. Yes, they both were arguably
doing something wrong, but it was startling to find second order damage
from ADSP to someone who wasn't publishing it.
If it's not clear, I think it's wonderful that Paypal signs all their mail
so that we can reasonably safely dump the unsigned stuff. I have my mail
system set up to do that, albeit configured locally, not by ADSP.
The basic problem with ADSP is that we shipped an untested prototype, and
at this point the only way to test it is to try experiments and hope they
don't do too much damage before we have a chance to tweak and mitigate the
problems. I appreciate that Paypal's intentions are entirely virtuous,
and that you deal with problems pretty quickly for a large organization.
But since you're the elephant in this particular room, the visibility of
accidental damage would be particularly great. I am concerned that since
the distinction between DKIM and ADSP is unclear to many people, they may
take away the impression that if they sign with DKIM, their mail will get
Since Paypal's practices are for the most part so good, it's very useful
to be able to talk to people who are scratching their heads about DKIM and
say "do what Paypal does." It's harder to say "do what Paypal does,
except don't do that."
More information about the ietf-dkim